Total
97 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-25179 | 1 Imaginationtech | 1 Ddk | 2025-07-11 | N/A | 7.8 HIGH |
| Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. | |||||
| CVE-2024-32488 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-07-09 | N/A | 7.8 HIGH |
| In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalation could occur during update checks because weak permissions on the update-service folder allow attackers to place crafted DLL files there. | |||||
| CVE-2024-51459 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-07-07 | N/A | 8.4 HIGH |
| IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions. | |||||
| CVE-2024-29852 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-07-03 | N/A | 2.7 LOW |
| Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. | |||||
| CVE-2023-43591 | 1 Zoom | 1 Rooms | 2025-06-11 | N/A | 7.8 HIGH |
| Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. | |||||
| CVE-2024-25844 | 1 Common-services | 1 So Flexibilite | 2025-05-23 | N/A | 7.5 HIGH |
| An issue was discovered in Common-Services "So Flexibilite" (soflexibilite) module for PrestaShop before version 4.1.26, allows remote attackers to escalate privileges and obtain sensitive information via debug file. | |||||
| CVE-2025-29826 | 1 Microsoft | 1 Dataverse | 2025-05-19 | N/A | 7.3 HIGH |
| Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-46584 | 1 Huawei | 1 Harmonyos | 2025-05-09 | N/A | 7.8 HIGH |
| Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-31173 | 1 Huawei | 1 Harmonyos | 2025-05-07 | N/A | 8.8 HIGH |
| Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-31172 | 1 Huawei | 1 Harmonyos | 2025-05-07 | N/A | 7.8 HIGH |
| Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-20649 | 2 Mediatek, Openwrt | 11 Mt6880, Mt6890, Mt6980 and 8 more | 2025-04-22 | N/A | 6.5 MEDIUM |
| In Bluetooth Stack SW, there is a possible information disclosure due to a missing permission check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00396437; Issue ID: MSV-2184. | |||||
| CVE-2024-22078 | 1 Elspec-ltd | 2 G5dfr, G5dfr Firmware | 2025-04-16 | N/A | 8.8 HIGH |
| An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges. | |||||
| CVE-2024-22077 | 1 Elspec-ltd | 2 G5dfr, G5dfr Firmware | 2025-04-16 | N/A | 5.3 MEDIUM |
| An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions. | |||||
| CVE-2024-1608 | 1 Oppo | 1 Usercenter Credit Software Development Kit | 2025-04-02 | N/A | 9.1 CRITICAL |
| In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction. | |||||
| CVE-2024-0015 | 1 Google | 1 Android | 2025-03-14 | N/A | 7.8 HIGH |
| In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-52537 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 7.5 HIGH |
| Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-30418 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 7.5 HIGH |
| Vulnerability of insufficient permission verification in the app management module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2023-27087 | 1 Xuxueli | 1 Xxl-job | 2025-02-26 | N/A | 7.5 HIGH |
| Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to obtain sensitive information via the pageList parameter. | |||||
| CVE-2024-24116 | 1 Ruijie | 2 Rg-nbs2009g-p, Rg-nbs2009g-p Firmware | 2025-02-10 | N/A | 9.8 CRITICAL |
| An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm. | |||||
| CVE-2025-22395 | 1 Dell | 1 Update Package Framework | 2025-02-04 | N/A | 8.2 HIGH |
| Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker. | |||||